Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Matters of Life and Death: Cyber Security and Medical Devices
February 3, 2020
Concerns about the vulnerabilities of medical devices to cyber attacks are spurring a new focus on the need to protect patient safety, data and hospital systems It’s a scenario right out of a Hollywood blockbuster. Without a word of warning, medical devices regulating everything from heartbeat to insulin levels across a hospital system begin behaving erratically ...
- Google, Mozilla Crack Down on Malicious Extensions and Add-ons
January 28, 2020
Browser security takes a hit as Google and Mozilla discontinue a large number of browser extensions and add-ons due to malicious activity. The Google security team has temporarily disallowed the publishing or updating of paid extensions that use the Chrome Web Store payments. This is due to an influx of fraudulent transactions performed via the said extensions. The suspension ...
- An Inside Look into Microsoft Rich Text Format and OLE Exploits
January 24, 2020
There has been a dramatic shift in the platforms targeted by attackers over the past few years. Up until 2016, browsers tended to be the most common attack vector to exploit and infect machines but now Microsoft Office applications are preferred, according to a report published here during March 2019. Increasing use of Microsoft Office as a ...
- Nice Try: 501 (Ransomware) Not Implemented
January 24, 2020
Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit this vulnerability and the post-compromise deployment of the previously unseen NOTROBIN malware family by one threat actor. FireEye continues to actively track multiple ...
- Windows EFS Feature May Help Ransomware Attackers
January 21, 2020
Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer. The lab-developed ransomware strain relies on the Encrypting File System (EFS) component in Microsoft’s operating system and can run undetected by some antivirus software. EFS allows users to ...
- FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
January 17, 2020
FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to patch their Pulse Secure VPN servers against ongoing attacks trying to exploit the ...